SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  proxy-arp

    Posted 08-31-2015 09:16
    Hi,

    I have a very casual scenario and apologies to pointing to a personal web-blog but i have all the outputs documented there so i thought it would save time for everyone, let me know if its otherwise , i will try to point it out here.

    The below one am using a source-pool and as we can see all the outputs mentioned below. The only catch is for external interfaces am using gre interface gr-0/0/0, i have not used any proxy-arp configuration anywhere and still it works fine.

    Note that the below example is done a SRX240H

    https://r2079.wordpress.com/2015/08/29/quick-series-12-source-nat-pool-based-nat-with-address-shifti...

    --------

    Secondly Destination NAT

    I have configured destination nat for ip 200.0.0.1/32 which is non-exsistant on router and still because of D-NAT policies i can see everything working fine, again i am using a gre interface for this and am not using any proxy-arp

    https://r2079.wordpress.com/2015/08/30/quick-series-14-destination-nat-pool-based/



    I read proxy-arp and understand that any ip which has not been configured on the device and still out of requirement if devices uses that arbitrary IP, we use proxy-arp, what is that JUNOS srx is flawless even without the usage , is that becuase it is over GRE ?

    Thanks
    Rakesh M
    https://r2079.wordpress.com
    JNCIE-SP#02079 / CCIE-SP #47613


  • 2.  RE: proxy-arp

     
    Posted 08-31-2015 09:25

    Hi Rakesh,

     

    The proxy arp in the SRX/Junos is only required if the ip address you are trying to reach is in the same subnet as that of the interface.

    Please read the below document for better understanding;

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB21785&smlogin=true

     

     



  • 3.  RE: proxy-arp

    Posted 08-31-2015 09:54

    Hey sailesh, 

     

    I have trouble understanding the usage, so in a scenario where you have a pool-based source nat, will there be no necessisity of proxy-arp ?

     

    Thanks

    Rakesh M

    https://r2079.wordpress.com

    JNCIE-SP #2079/ CCIE-SP #47613



  • 4.  RE: proxy-arp

     
    Posted 08-31-2015 10:01

    Hi Rakesh,

     

    The proxy NAT as mentioned in the kb, is not used in conjunction with source nat;

    Proxy ARP should be configured for the following scenarios:

    • When addresses defined in the static NAT and source NAT pool are in the same subnet as that of the ingress interface   (Source NAT and Static NAT scenario)
    • When addresses in the original destination address entry in the destination NAT rules are in the same subnet as that of the ingress interface   (Destination NAT scenario)


  • 5.  RE: proxy-arp

    Posted 09-01-2015 02:36

    Hi,

     

    Thanks for the revert. Bear with me for few questions though it may sound very basic

     

    So, when i do a pool-based source-nat and pool is from external-interface itself (11.0.0.0/24 is subnet, pool 11.0.0.16/28) do i need to configure proxy-arp in this case ?

     

    Thanks



  • 6.  RE: proxy-arp
    Best Answer

     
    Posted 09-01-2015 02:38

    No , you do not need that.



  • 7.  RE: proxy-arp

    Posted 09-01-2015 04:55

    Thanks Shailesh